74 pointsby djfergus11 hours ago7 comments
  • goodburb2 hours ago
    Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).

    Two boot looped, I had to enter recovery and the other just powered off [0].

    The demo modifies the wallpaper on supported Pixel devices.

    [0] IonStack https://rootme.nebusec.ai

    ____

    Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.

    Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.

  • password43218 hours ago
    Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
    • Chu4eenoan hour ago
      they also found a type confusion in firefox/ionmonkey, so you can go from random website to pwned very quickly.
    • circularfoyers5 hours ago
      Since this enables container escape, sounds like this might still impact quite a lot of us?
  • teleforce8 hours ago
    >Google has rewarded us $92,337 in kernelCTF

    I'm all ears now

    • mrbluecoat8 hours ago
      Seems low considering the wide impact, but maybe the only thing corporations throw big money at is remote exploits?
      • tptacek2 hours ago
        That's a huge amount of money for a vulnerability.
  • amatecha7 hours ago
    Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
  • ranger_danger10 hours ago
  • 2 hours ago
    undefined
  • mixmastamyk10 hours ago
    A what?
    • teo_zeroan hour ago
      I'm glad someone else asked. :)

      It's not so widely used and it's not explained in the first couple screenfuls of TFA (which by itself is weirdly structured, taking entire paragraphs to explain when it was introduced, when it was discovered, etc. before even explaining what it actually is).

      Of course the title was chosen when the article was first published on a site dedicated to security, where probably everyone knows it. This suggests that insisting on unmodified titles when republishing in HN is a poor rule.

    • happymellon10 hours ago
      Use after free?